CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Thresholding

Browse Source
This commit is contained in:
Mike Reeves
2022-09-19 16:53:51 -04:00
parent e72eae2e8a
commit 512c044d80
2 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/suricata/soc_suricata.yaml
View File

@@ -1,4 +1,10 @@
suricata: suricata:
thresholding:
sids__yaml:
description: Threshold SIDS List
file: True
syntax: yaml
title: SIDS
config: config:
vars: vars:
address-groups: address-groups:

44
salt/suricata/thresholding/sids.yaml Normal file
View File

@@ -0,0 +1,44 @@
thresholding:
sids:
99999999999999999:
- threshold:
gen_id: 1
type: threshold
track: by_src
count: 10
seconds: 10
- threshold:
gen_id: 1
type: limit
track: by_dst
count: 100
seconds: 30
- rate_filter:
gen_id: 1
track: by_rule
count: 50
seconds: 30
new_action: alert
timeout: 30
- suppress:
gen_id: 1
track: by_either
ip: 10.10.3.7
99999999999999998:
- threshold:
gen_id: 1
type: limit
track: by_dst
count: 10
seconds: 10
- rate_filter:
gen_id: 1
track: by_src
count: 50
seconds: 20
new_action: pass
timeout: 60
- suppress:
gen_id: 1
track: by_src
ip: 10.10.3.0/24